Activity log for bug #1946904

Date Who What changed Old value New value Message
2021-10-13 04:07:15 Bryce Harrington bug added bug
2021-10-13 04:07:17 Bryce Harrington bug added subscriber Canonical Server Team
2021-10-13 17:54:47 Sergio Durigan Junior sssd (Ubuntu): assignee Sergio Durigan Junior (sergiodj)
2021-10-19 04:37:24 Bryce Harrington description Scheduled-For: 23.01 Upstream: tbd Debian: 2.5.2-4 Ubuntu: 2.4.1-2ubuntu4 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. ### New Debian Changes ### sssd (2.5.2-4) unstable; urgency=medium * control: Promote libnss-sss and libpam-sss to sssd-common Depends. (Closes: #995730) * common: Drop old Breaks/Replaces. -- Timo Aaltonen <tjaalton@debian.org> Mon, 11 Oct 2021 17:46:04 +0300 sssd (2.5.2-3) unstable; urgency=medium * rules: Explicitly set sssd-user as root. * install: Add sssd-pcsc.rules to -common. * postinst: Correct file/dir permissions and ownership when the daemon is run as root. (Closes: #994807) * 0001-ad-fallback-to-ldap-if-cldap-is-not-available-in-lib.patch: Our libldap is built without LDAP_CONNECTIONLESS, cope with that. (Closes: #994879) -- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Sep 2021 18:54:07 +0300 sssd (2.5.2-2) unstable; urgency=medium * rules: Disable tests for now. (Closes: #994479) -- Timo Aaltonen <tjaalton@debian.org> Mon, 20 Sep 2021 17:38:19 +0300 sssd (2.5.2-1) unstable; urgency=medium [ Sergio Durigan Junior ] * d/apparmor-profile: Update profile: - Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*. - Add read/execute permission to /usr/libexec/sssd/*. [ Timo Aaltonen ] * New upstream release. (Closes: #978904, #992815, #983795) * fix-whitespace-test.diff: Refreshed. * control, rules: Drop libwbclient-sssd-*, support for it was dropped upstream. * fix_newer_autoconf.patch: Don't unset python prefix/exec-prefix. * patches: Fix CVE-2021-3621. (Closes: #992710) -- Timo Aaltonen <tjaalton@debian.org> Thu, 16 Sep 2021 14:51:42 +0300 sssd (2.4.1-2) unstable; urgency=medium [ Marco Trevisan (Treviño) ] * debian/control: Mark test packages as <!nocheck> - Add missing test dependencies - Enable libcmocka (and so unit tests) all the archs * debian/rules: - Don't run tests if nocheck is set - Enable tests again * debian/patches: - Get libsofthsm2 from right path for each architecture [ Timo Aaltonen ] * test_ca-Look-for-libsofthsm2-in-libdir-before-falling-bac.patch: Dropped, upstream. -- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 13:49:04 +0200 sssd (2.4.1-1) unstable; urgency=medium * New upstream release. * libpam-sss.install: Add pam_sss_gss. -- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 11:32:35 +0200 sssd (2.4.0-1) unstable; urgency=medium * New upstream release. * source: Update diff-ignore. -- Timo Aaltonen <tjaalton@debian.org> Tue, 08 Dec 2020 22:36:54 +0200 sssd (2.3.1-3) unstable; urgency=medium * control: Move libsss-sudo to sssd-common Suggests. (LP: #1249777) -- Timo Aaltonen <tjaalton@debian.org> Tue, 06 Oct 2020 15:56:19 +0300 sssd (2.3.1-2) unstable; urgency=medium * control: Add sssd-dbus to sssd-tools Recommends. (LP: #1895645) -- Timo Aaltonen <tjaalton@debian.org> Thu, 17 Sep 2020 14:15:03 +0300 sssd (2.3.1-1) unstable; urgency=medium * New upstream release. (Closes: #965307, #965143) * source: Extend diff-ignore. * rules: Set --with-libwbclient. * control: Add libsofthsm2 to build-depends for tests. -- Timo Aaltonen <tjaalton@debian.org> Tue, 28 Jul 2020 17:14:55 +0300 sssd (2.3.0-2) unstable; urgency=medium * rules: Drop quilt, autoreconf from dh. -- Timo Aaltonen <tjaalton@debian.org> Mon, 13 Jul 2020 15:49:20 +0300 ### Old Ubuntu Delta ### sssd (2.4.1-2ubuntu4) impish; urgency=medium * Fix FTBFS with newer autoconf - debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX and PYTHON_EXEC_PREFIX in src/external/python.m4. -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 08 Sep 2021 11:39:53 -0400 sssd (2.4.1-2ubuntu3) impish; urgency=medium * SECURITY UPDATE: shell command injection in sssctl comment - debian/patches/CVE-2021-3621.patch: replace system() with execvp() to avoid execution of user supplied command in src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h, src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c. - CVE-2021-3621 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 18 Aug 2021 08:13:38 -0400 sssd (2.4.1-2ubuntu2) impish; urgency=medium * No-change rebuild due to OpenLDAP soname bump. -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:09:16 -0400 sssd (2.4.1-2ubuntu1) impish; urgency=medium * Merge with Debian unstable. Remaining changes: - d/apparmor-profile: Update profile. (LP #1910611) + Extend read permissions to /etc/sssd/** and /etc/gss/**. + Add read/execute permission to /usr/libexec/sssd/*. - Disable lto, not ready upstream. - d/control: Drop libgdm-dev Build-Depend on i386. * Dropped changes: - d/p/condition-path-exists-sssd-conf.patch: Only start sssd.service if there is a configuration file present. (LP: #1900642) [ Included in 2.4.1-2 ] - d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch: Upstream patch to make sssd.service only able to start when there is a configuration file present. (LP #1900642) - d/p/condition-path-exists-sssd-conf.patch: Remove. [ Included in 2.4.1-2 ] - Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP #1908065): + d/p/lp-1908065-01-syslog_identifier-format.patch: Upstream patch to include 'sssd[]' identifier in program names. + d/p/lp-1908065-02-remove-syslog_identifier.patch: Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald. [ Included in 2.4.1-2 ] * Added changes: - d/p/fix-python-tests.patch: Fix Python tests by making them assert Python module paths by using full pathnames. - d/p/disable-fail_over-tests.patch: Disable fail_over-tests, which is failing when running inside sbuild. -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 18 May 2021 17:29:58 -0400 Upstream: tbd Debian: 2.5.2-4 Ubuntu: 2.4.1-2ubuntu4 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. ### New Debian Changes ### sssd (2.5.2-4) unstable; urgency=medium   * control: Promote libnss-sss and libpam-sss to sssd-common Depends.     (Closes: #995730)   * common: Drop old Breaks/Replaces.  -- Timo Aaltonen <tjaalton@debian.org> Mon, 11 Oct 2021 17:46:04 +0300 sssd (2.5.2-3) unstable; urgency=medium   * rules: Explicitly set sssd-user as root.   * install: Add sssd-pcsc.rules to -common.   * postinst: Correct file/dir permissions and ownership when the daemon     is run as root. (Closes: #994807)   * 0001-ad-fallback-to-ldap-if-cldap-is-not-available-in-lib.patch: Our     libldap is built without LDAP_CONNECTIONLESS, cope with that.     (Closes: #994879)  -- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Sep 2021 18:54:07 +0300 sssd (2.5.2-2) unstable; urgency=medium   * rules: Disable tests for now. (Closes: #994479)  -- Timo Aaltonen <tjaalton@debian.org> Mon, 20 Sep 2021 17:38:19 +0300 sssd (2.5.2-1) unstable; urgency=medium   [ Sergio Durigan Junior ]   * d/apparmor-profile: Update profile:     - Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*.     - Add read/execute permission to /usr/libexec/sssd/*.   [ Timo Aaltonen ]   * New upstream release. (Closes: #978904, #992815, #983795)   * fix-whitespace-test.diff: Refreshed.   * control, rules: Drop libwbclient-sssd-*, support for it was dropped upstream.   * fix_newer_autoconf.patch: Don't unset python prefix/exec-prefix.   * patches: Fix CVE-2021-3621. (Closes: #992710)  -- Timo Aaltonen <tjaalton@debian.org> Thu, 16 Sep 2021 14:51:42 +0300 sssd (2.4.1-2) unstable; urgency=medium   [ Marco Trevisan (Treviño) ]   * debian/control: Mark test packages as <!nocheck>     - Add missing test dependencies     - Enable libcmocka (and so unit tests) all the archs   * debian/rules:     - Don't run tests if nocheck is set     - Enable tests again   * debian/patches:     - Get libsofthsm2 from right path for each architecture   [ Timo Aaltonen ]   * test_ca-Look-for-libsofthsm2-in-libdir-before-falling-bac.patch:     Dropped, upstream.  -- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 13:49:04 +0200 sssd (2.4.1-1) unstable; urgency=medium   * New upstream release.   * libpam-sss.install: Add pam_sss_gss.  -- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 11:32:35 +0200 sssd (2.4.0-1) unstable; urgency=medium   * New upstream release.   * source: Update diff-ignore.  -- Timo Aaltonen <tjaalton@debian.org> Tue, 08 Dec 2020 22:36:54 +0200 sssd (2.3.1-3) unstable; urgency=medium   * control: Move libsss-sudo to sssd-common Suggests. (LP: #1249777)  -- Timo Aaltonen <tjaalton@debian.org> Tue, 06 Oct 2020 15:56:19 +0300 sssd (2.3.1-2) unstable; urgency=medium   * control: Add sssd-dbus to sssd-tools Recommends. (LP: #1895645)  -- Timo Aaltonen <tjaalton@debian.org> Thu, 17 Sep 2020 14:15:03 +0300 sssd (2.3.1-1) unstable; urgency=medium   * New upstream release. (Closes: #965307, #965143)   * source: Extend diff-ignore.   * rules: Set --with-libwbclient.   * control: Add libsofthsm2 to build-depends for tests.  -- Timo Aaltonen <tjaalton@debian.org> Tue, 28 Jul 2020 17:14:55 +0300 sssd (2.3.0-2) unstable; urgency=medium   * rules: Drop quilt, autoreconf from dh.  -- Timo Aaltonen <tjaalton@debian.org> Mon, 13 Jul 2020 15:49:20 +0300 ### Old Ubuntu Delta ### sssd (2.4.1-2ubuntu4) impish; urgency=medium   * Fix FTBFS with newer autoconf     - debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX       and PYTHON_EXEC_PREFIX in src/external/python.m4.  -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 08 Sep 2021 11:39:53 -0400 sssd (2.4.1-2ubuntu3) impish; urgency=medium   * SECURITY UPDATE: shell command injection in sssctl comment     - debian/patches/CVE-2021-3621.patch: replace system() with execvp() to       avoid execution of user supplied command in       src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,       src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.     - CVE-2021-3621  -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 18 Aug 2021 08:13:38 -0400 sssd (2.4.1-2ubuntu2) impish; urgency=medium   * No-change rebuild due to OpenLDAP soname bump.  -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:09:16 -0400 sssd (2.4.1-2ubuntu1) impish; urgency=medium   * Merge with Debian unstable. Remaining changes:     - d/apparmor-profile: Update profile. (LP #1910611)       + Extend read permissions to /etc/sssd/** and /etc/gss/**.       + Add read/execute permission to /usr/libexec/sssd/*.     - Disable lto, not ready upstream.     - d/control: Drop libgdm-dev Build-Depend on i386.   * Dropped changes:     - d/p/condition-path-exists-sssd-conf.patch: Only start       sssd.service if there is a configuration file present.       (LP: #1900642)       [ Included in 2.4.1-2 ]     - d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch:       Upstream patch to make sssd.service only able to start when there       is a configuration file present. (LP #1900642)     - d/p/condition-path-exists-sssd-conf.patch: Remove.       [ Included in 2.4.1-2 ]     - Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP #1908065):       + d/p/lp-1908065-01-syslog_identifier-format.patch:         Upstream patch to include 'sssd[]' identifier in program names.       + d/p/lp-1908065-02-remove-syslog_identifier.patch:         Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.       [ Included in 2.4.1-2 ]   * Added changes:     - d/p/fix-python-tests.patch: Fix Python tests by making them       assert Python module paths by using full pathnames.     - d/p/disable-fail_over-tests.patch: Disable fail_over-tests,       which is failing when running inside sbuild.  -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 18 May 2021 17:29:58 -0400
2021-10-19 04:37:28 Bryce Harrington sssd (Ubuntu): milestone ubuntu-22.01
2021-11-17 08:44:00 Launchpad Janitor sssd (Ubuntu): status New Fix Released
2021-11-17 08:44:00 Launchpad Janitor cve linked 2021-3621
2022-01-05 16:32:05 Sergio Durigan Junior sssd (Ubuntu): status Fix Released New
2022-01-12 01:16:07 Sergio Durigan Junior sssd (Ubuntu): status New Incomplete
2022-02-14 21:24:58 Sergio Durigan Junior sssd (Ubuntu): status Incomplete In Progress
2022-02-23 21:14:15 Sergio Durigan Junior sssd (Ubuntu): status In Progress Fix Released